<?php
  include('header.php');
  if (!$_SESSION['signed_in']) {
      if (isset($_GET['changepass']) and $_GET['changepass'] == 1) {
          if ($_SERVER['REQUEST_METHOD'] != 'POST') {
              //FORM CHANGE PW
              $passkey = mysql_real_escape_string($_GET['passkey']);
			  $result = $db->query("SELECT confirm_code FROM " . $table_prefix . "users WHERE confirm_code = '" . mysql_real_escape_string($_GET['passkey']) . "'") or die(mysql_error());
              if (mysql_num_rows($result) == 0) {
                  echo '<br><b>' . $l_information . '</b><hr/><br/><div align="center"><span style="color:red">' . $l_wrong_confirm . '</span><br /><a class="loginlink" href="index.php"><br />' . $l_back_to . '</a>.</div><br />';
              } else {
                  echo '
<h3>' . $l_change_pw . '</h3><br />
<div align="center"><span id="msg"></span></div>
<form method="post" action="">
<table class="registration" border=1><tr>
<th><b>&nbsp;<input disabled="disabled" value = "' . $l_change_pw . '" type="text" name="user_email" /></b></th>
<th><b></b></th></tr>


<tr>
<td width="220" height="36"><div align="right">' . $l_password . '
</div></td><td> <div align="left"> <input size="30" type="password" name="user_password" />
</td>

<tr>
<td height="36"><div align="right">' . $l_confirm_pw . '</div></td><td> <div align="left"><input size="30" type="password" name="user_pass_check" /></div></td></tr>

</div></table>  
<br />
<table class="registration" border=1>
<tr>
        <td height="36"><input type="submit" class="inputButton" value="' . $l_submit . '" />
       </td></tr></table></form>
';
              }
          } else {
              $errors = array();
              if (isset($_POST['user_password'])) {
                  if (strlen($_POST['user_password']) < $min_password_characters) {
                      $errors[] = $l_error_pw_few;
                  }
                  
                  if ($_POST['user_password'] != $_POST['user_pass_check']) {
                      $errors[] = $l_error_pw_match;
                  }
              } else {
                  $errors[] = $l_error_pw_empty;
              }
              if (!empty($errors)) {
                  echo '<b>Information</b><hr><br/><div align="center">' . $l_error_message . '<br /><br /><tr>';
                  foreach ($errors as $key => $value) {
                      /* walk through the array so all the errors get displayed */
                      echo '<td><span style="color:red;">' . $value . '<br /></td></tr></span>';
                  }
                  echo '<br /><a href="javascript: history.go(-1) ">' . $l_back_to_prev . '</a></div><br /><br />';
              } else {
                  //CHANGE PASSWORD CODE HERE
                  $result = $db->query("UPDATE " . $table_prefix . "users SET user_pass='" . sha1($_POST['user_password']) . "', confirm_code = '' WHERE confirm_code = '" . mysql_real_escape_string($_GET['passkey']) . "'");
                  if ($result) {
                      echo '<b>Information</b><hr><br/><div align="center">' . $l_password_changed . '<br /><br /><a href = "signin.php">' . $l_now_login . '</a><br/><br/>';
                  }
              }
          }
      } else {
          if ($_SERVER['REQUEST_METHOD'] != 'POST') {
              $pageTitle = "$l_change_pw_title";
              
              if ($captcha == 1) {
                  $ifcaptcha = "";
                  $end = "";
              }
              if ($captcha != 1) {
                  $ifcaptcha = "<!--";
                  $end = "-->";
              }
              
              $tags = array('{FORGOT_P}', '{SEND_PW}', '{EMAIL}', '{EMAIL_EXPLAIN}', '{IFCAPTCHA}', '{END}', '{CAPTCHA_EXPLAIN}');
              $data = array($l_change_pw_title, $l_send_pw, 'E-mail address', $l_email_explain, $ifcaptcha, $end, $l_captcha_explain);
              
              echo str_replace($tags, $data, file_get_contents("./style/" . $default_style . "/forgot_password.html"));
          }
          
          else {
              $errors = array();
              if ($captcha == 1) {
                  $key = substr($_SESSION['key'], 0, 5);
                  $number = $_REQUEST['number'];
                  if ($number != $key) {
                      $errors[] = "$l_error_captcha";
                  }
              }
              if (!empty($errors)) {
                  echo '<b>' . $l_information . '</b><hr><br/><div align="center">' . $l_error_message . '<br /><br /><tr>';
                  foreach ($errors as $key => $value) {
                      /* walk through the array so all the errors get displayed */
                      echo '<td><span style="color:red">' . $value . '<br /></td></tr></span>';
                  }
                  echo '<br /><a href="' . $_SERVER['PHP_SELF'] . '">' . $l_back_to_prev . '</a></div><br /><br />';
              } else {
			      $result = $db->query("SELECT  user_email, user_name FROM " . $table_prefix . "users WHERE user_email = '" . mysql_real_escape_string($_POST['user_email']) . "'");
                  if (!$result) {
                      //something went wrong, display the error
                      echo 'Something went wrong while signing in. Please try again later.';
                      //echo mysql_error(); //debugging purposes, uncomment when needed
                  } else {
                      if (mysql_real_escape_string($_POST['user_email']) == "") {
                          echo '<br><b>' . $l_information . '</b><hr/><br/><div align="center"><span style="color:red">' . $l_error_email_empty . '</span><br /><a class="loginlink" href="forgot_password.php"><br />' . $l_please_try_again . '</a>.</div><br />';
                          die;
                      }
                      
                      if (mysql_num_rows($result) == 0) {
                          echo '<br><b>' . $l_information . '</b><hr/><br/><div align="center"><span style="color:red">' . $l_error_wrong_email . '</span><br /><a class="loginlink" href="forgot_password.php"><br />' . $l_please_try_again . '</a>.</div><br />';
                      } else {
                          //LOCAL mail
                          $row = $db->fetch_array($result,'assoc');
                          $email = mysql_real_escape_string($_POST['user_email']);
                          $confirm_code = md5(uniqid(rand()));
                          $url = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
                          
                          $subject = $l_forumname . " | Change password ";
                          $message = "$l_email_message1 " . $row['user_name'] . ",\r\n\r\n";
                          $message .= $l_email_message2;
                          $message .= $l_email_message3;
                          $message .= $l_email_message4;
                          $message .= "" . $url . "?changepass=1&passkey=$confirm_code";
                          
                          if ($smtp == "local") {
                              $myemail = $smtp_username;
                              //mysql_real_escape_string($_POST['user_email']);    //"$_POST[user_email]";
                              $to = mysql_real_escape_string($_POST['user_email']);
                              $subject = $subject;
                              $sendmessage = $message;
                              $headers = "From: $l_forumname<$myemail>" . "\r\n" . "Reply-To: $myemail" . "\r\n" . 'X-Mailer: PHP/' . phpversion();
                              $sentmail = mail($to, $subject, $sendmessage, $headers);
                              if ($sentmail) {
                                  $result = mysql_query("UPDATE " . $table_prefix . "users 
  SET confirm_code = '" . $confirm_code . "' 
  WHERE user_email = '" . mysql_real_escape_string($_POST['user_email']) . "'");
                                  echo '<br><b>' . $l_information . '<b><hr><br /><div align="center">
  
  <span style="color:green">' . $l_email_info_send . ' ' . $_POST['user_email'] . '</font><br /><a class="loginlink" href="index.php"><br />' . $l_back_to . '</a>.</div><br />';
                              }
                          }
                          //END LOCAL mail
                          
                          //SMTP MAIL
                          if ($smtp == "smtp") {
                              error_reporting(E_STRICT);
                              date_default_timezone_set('America/Toronto');
                              require_once('./phpmailer/class.phpmailer.php');
                              $mail = new PHPMailer();
                              
                              $body = "$l_email_message1 " . $row['user_name'] . ",\r\n<br /><br />
$l_email_message2<br /><br />
$l_email_message3\r\n\r\n<br /><br />
$l_email_message4 \r\n<br />" . $url . "?changepass=1&passkey=$confirm_code";
                              $body = eregi_replace("[\]", '', $body);
                              
                              // telling the class to use SMTP
                              $mail->IsSMTP();
                              // SMTP server
                              $mail->Host = $smtp_server;
                              // enables SMTP debug information (for testing)
                              $mail->SMTPDebug = 1;
                              // 1 = errors and messages, 2 = messages only
                              // enable SMTP authentication
                              $mail->SMTPAuth = true;
                              // sets the SMTP server
                              $mail->Host = $smtp_server;
                              $mail->SMTPSecure = $smtp_secure;
                              // set the SMTP port for the GMAIL server
                              $mail->Port = $smtp_port;
                              // SMTP account username
                              $mail->Username = $smtp_username;
                              // SMTP account password
                              $mail->Password = $smtp_password;
                              
                              $mail->SetFrom($smtp_username, $l_forumname);
                              $mail->AddReplyTo($smtp_username, $l_forumname);
                              $mail->Subject = $l_email_subject;
                              // optional, comment out and test
                              $mail->AltBody = "$l_email_alt_body";
                              
                              $mail->MsgHTML($body);
                              $address = mysql_real_escape_string($_POST['user_email']);
                              $mail->AddAddress($address, "Ivan A.");
                              
                              if (!$mail->Send()) {
                                  echo "Mailer Error: " . $mail->ErrorInfo;
                              } else {
                                  $result = mysql_query("UPDATE " . $table_prefix . "users 
  SET confirm_code = '" . $confirm_code . "' 
  WHERE user_email = '" . mysql_real_escape_string($_POST['user_email']) . "'");
                                  
                                  echo '<br><b>' . $l_information . '<b><hr><br /><div align="center">
  
  <span style="color:green">' . $l_email_info_send . ' ' . $_POST['user_email'] . '</font><br /><a class="loginlink" href="index.php"><br />' . $l_back_to . '</a>.</div><br />';
                              }
                          }
                          //END SMTP MAIL
                      }
                  }
              }
          }
      }
  } else {
      echo '<br><b>' . $l_information . '<b><hr><br /><div align="center"><span style="color:red">' . $l_email_error_login . '</font><br /><a class="loginlink" href="index.php"><br />' . $l_back_to . '</a>.</div><br />';
  }
  $pageContents = ob_get_contents();
  ob_end_clean();
  echo str_replace('<!--TITLE-->', $pageTitle, $pageContents);
?>
